0

In my web application alpha testing , one are two fiends are complaining about the csrf token mismatch problem,

is there any way to check whether the csrf token is working properly without going into the test feature of laravel ?

I am using

Route::post('signup', array('before' => 'guest|csrf','uses' => 'AuthController@postSignup'));

this in route

and

<input type="hidden" name="_token" value="{{ csrf_token() }}" />

inside the form, is there anything I have done wrong ?

Also I want to know, what are the possible cause for a user manual inputting does not match the csrf token ?

Improve this question

1 Answer 1

Reset to default
1

Laravel 4 automatically adds the token for you, if you use Form::open(). Don't you have two tokens in your form?

Tokens are random strings stored in the current Session, so if you are having trouble with it, you should look into your session and answer some questions (to yourself):

1) When is this happening? How frequent is this? At some point a session will expire and if you keep a form open for a long period time, it wil expire.

2) Wich sesion driver are you using? Have you already changed the driver? (file, cookie, database...)

3) Can you reproduce it?

4) Can you track the Session::getId() to see if it also changes when you get that error? Add this to your code and look at the log files to what happens when you get that error:

Log::info('session.id='.Session::getId());
Log::info('session.token='.Session::token());
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

On top of this, investigate if the token mismatch occurs during an AJAX call vs a "normal" server call. An AJAX call has the potential to trigger a new session under some conditions.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.